It was discovered that moin, a python clone of WikiWiki, does not sufficiently sanitize parameters when passing them to the add_msg function. This allows a remote attackers to conduct cross-site scripting attacks for example via the template parameter. For the stable distribution , this problem has been fixed in version 1.7.1-3+lenny5. For the testing distribution , this problem will be fixed soon. For the unstable distribution , this problem has been fixed in version 1.9.3-1.